Starting with macOS 10.15, Apple has provided a control which permits a user to share Apple downloaded content on all Apple devices that are signed in with the same Apple ID. This allows users to share downloaded Movies, Music, or TV shows with other controlled macOS, iOS and iPadOS devices, as well as photos with Apple TVs. With this capability, guest users can also use media downloaded on the computer. The recommended best practice is not to use the computer as a server, but to utilize Apple's cloud storage in order to download and use content stored there if content stored with Apple is used on multiple devices. Rationale:Disabling Media Sharing reduces the remote attack surface of the system. Impact:Media Sharing allows for pre-downloaded content on a Mac to be available to other Apple devices on the same network. Leaving this disabled forces device users to stream or download content from each Apple authorized device. This sharing could even allow unauthorized devices on the same network media access. Remediation: Run the following command to disable Media Sharing: $ /usr/bin/sudo -u <username> /usr/bin/defaults write com.apple.amp.mediasharingd home-sharing-enabled -int 0 example: $ sudo -u test2 /usr/bin/defaults write com.apple.amp.mediasharingd home-sharing-enabled -int 0

[Yes/No]

Run the following command to disable Media Sharing: $ /usr/bin/sudo -u username /usr/bin/defaults write com.apple.amp.mediasharingd home-sharing-enabled -int 0